1. Stewardship over restriction. From authorisation-by-exception to accountability-by-default. Processing is permitted provided the controller demonstrates appropriate governance.
2. Risk-based proportionality. The intensity of regulatory intervention should match the magnitude and likelihood of the harm it aims to prevent.
3. Results over formalities. Consent pop-ups that no one reads, records of processing that consume resources without insight, DPIAs as legal risk documentation: the systemic manifestations of paperwork over outcomes.
4. Global interoperability. Data governance frameworks that apply only within a single jurisdiction create predictable problems when data flows across borders, as it must.
5. Human-centred governance. Designed around the actual interests, capacities, and vulnerabilities of individuals, not the procedural formalities that notionally protect them.
6. Harm-centric approach. Discrimination, manipulation, exclusion, and structural power abuse: a taxonomy of data-related harms that calibrates intervention to their prevention.
7. Evidence-based policymaking. Proportionality without empirical evidence is empty. Risk calibration without distributional data is impossible. Accountability without measurable outcomes is performative.